aws-sdk-ssm 1.191.0 → 1.193.0

data/lib/aws-sdk-ssm/types.rb

@@ -10,6 +10,20 @@
 module Aws::SSM
   module Types
 
+    # The requester doesn't have permissions to perform the requested
+    # operation.
+    #
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/AccessDeniedException AWS API Documentation
+    #
+    class AccessDeniedException < Struct.new(
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Information includes the Amazon Web Services account ID where the
     # current document is shared and the version shared with that account.
     #
@@ -1829,6 +1843,16 @@ module Aws::SSM
     #   to Linux managed nodes only.
     #   @return [Array<Types::PatchSource>]
     #
+    # @!attribute [rw] available_security_updates_compliance_status
+    #   Indicates whether managed nodes for which there are available
+    #   security-related patches that have not been approved by the baseline
+    #   are being defined as `COMPLIANT` or `NON_COMPLIANT`. This option is
+    #   specified when the `CreatePatchBaseline` or `UpdatePatchBaseline`
+    #   commands are run.
+    #
+    #   Applies to Windows Server managed nodes only.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/BaselineOverride AWS API Documentation
     #
     class BaselineOverride < Struct.new(
@@ -1840,7 +1864,8 @@ module Aws::SSM
       :rejected_patches,
       :rejected_patches_action,
       :approved_patches_enable_non_security,
-      :sources)
+      :sources,
+      :available_security_updates_compliance_status)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4060,6 +4085,22 @@ module Aws::SSM
     #   to Linux managed nodes only.
     #   @return [Array<Types::PatchSource>]
     #
+    # @!attribute [rw] available_security_updates_compliance_status
+    #   Indicates the status you want to assign to security patches that are
+    #   available but not approved because they don't meet the installation
+    #   criteria specified in the patch baseline.
+    #
+    #   Example scenario: Security patches that you might want installed can
+    #   be skipped if you have specified a long period to wait after a patch
+    #   is released before installation. If an update to the patch is
+    #   released during your specified waiting period, the waiting period
+    #   for installing the patch starts over. If the waiting period is too
+    #   long, multiple versions of the patch could be released but never
+    #   installed.
+    #
+    #   Supported for Windows Server managed nodes only.
+    #   @return [String]
+    #
     # @!attribute [rw] client_token
     #   User-provided idempotency token.
     #
@@ -4099,6 +4140,7 @@ module Aws::SSM
       :rejected_patches_action,
       :description,
       :sources,
+      :available_security_updates_compliance_status,
       :client_token,
       :tags)
       SENSITIVE = []
@@ -4157,6 +4199,38 @@ module Aws::SSM
     #
     class CreateResourceDataSyncResult < Aws::EmptyStructure; end
 
+    # The temporary security credentials, which include an access key ID, a
+    # secret access key, and a security (or session) token.
+    #
+    # @!attribute [rw] access_key_id
+    #   The access key ID that identifies the temporary security
+    #   credentials.
+    #   @return [String]
+    #
+    # @!attribute [rw] secret_access_key
+    #   The secret access key that can be used to sign requests.
+    #   @return [String]
+    #
+    # @!attribute [rw] session_token
+    #   The token that users must pass to the service API to use the
+    #   temporary credentials.
+    #   @return [String]
+    #
+    # @!attribute [rw] expiration_time
+    #   The datetime on which the current credentials expire.
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/Credentials AWS API Documentation
+    #
+    class Credentials < Struct.new(
+      :access_key_id,
+      :secret_access_key,
+      :session_token,
+      :expiration_time)
+      SENSITIVE = [:secret_access_key, :session_token]
+      include Aws::Structure
+    end
+
     # You have exceeded the limit for custom schemas. Delete one or more
     # custom schemas and try again.
     #
@@ -6411,6 +6485,16 @@ module Aws::SSM
     #   is `NON_COMPLIANT`.
     #   @return [Integer]
     #
+    # @!attribute [rw] instances_with_available_security_updates
+    #   The number of managed nodes for which security-related patches are
+    #   available but not approved because because they didn't meet the
+    #   patch baseline requirements. For example, an updated version of a
+    #   patch might have been released before the specified auto-approval
+    #   period was over.
+    #
+    #   Applies to Windows Server managed nodes only.
+    #   @return [Integer]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/DescribePatchGroupStateResult AWS API Documentation
     #
     class DescribePatchGroupStateResult < Struct.new(
@@ -6425,7 +6509,8 @@ module Aws::SSM
       :instances_with_unreported_not_applicable_patches,
       :instances_with_critical_non_compliant_patches,
       :instances_with_security_non_compliant_patches,
-      :instances_with_other_non_compliant_patches)
+      :instances_with_other_non_compliant_patches,
+      :instances_with_available_security_updates)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -7529,6 +7614,36 @@ module Aws::SSM
       include Aws::Structure
     end
 
+    # @!attribute [rw] access_request_id
+    #   The ID of a just-in-time node access request.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/GetAccessTokenRequest AWS API Documentation
+    #
+    class GetAccessTokenRequest < Struct.new(
+      :access_request_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] credentials
+    #   The temporary security credentials which can be used to start
+    #   just-in-time node access sessions.
+    #   @return [Types::Credentials]
+    #
+    # @!attribute [rw] access_request_status
+    #   The status of the access request.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/GetAccessTokenResponse AWS API Documentation
+    #
+    class GetAccessTokenResponse < Struct.new(
+      :credentials,
+      :access_request_status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] automation_execution_id
     #   The unique identifier for an existing automation execution to
     #   examine. The execution ID is returned by StartAutomationExecution
@@ -9278,6 +9393,15 @@ module Aws::SSM
     #   to Linux managed nodes only.
     #   @return [Array<Types::PatchSource>]
     #
+    # @!attribute [rw] available_security_updates_compliance_status
+    #   Indicates the compliance status of managed nodes for which
+    #   security-related patches are available but were not approved. This
+    #   preference is specified when the `CreatePatchBaseline` or
+    #   `UpdatePatchBaseline` commands are run.
+    #
+    #   Applies to Windows Server managed nodes only.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/GetPatchBaselineResult AWS API Documentation
     #
     class GetPatchBaselineResult < Struct.new(
@@ -9295,7 +9419,8 @@ module Aws::SSM
       :created_date,
       :modified_date,
       :description,
-      :sources)
+      :sources,
+      :available_security_updates_compliance_status)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -10049,6 +10174,15 @@ module Aws::SSM
     #   `UnreportedNotApplicableCount`.
     #   @return [Integer]
     #
+    # @!attribute [rw] available_security_update_count
+    #   The number of security-related patches that are available but not
+    #   approved because they didn't meet the patch baseline requirements.
+    #   For example, an updated version of a patch might have been released
+    #   before the specified auto-approval period was over.
+    #
+    #   Applies to Windows Server managed nodes only.
+    #   @return [Integer]
+    #
     # @!attribute [rw] operation_start_time
     #   The time the most recent patching operation was started on the
     #   managed node.
@@ -10129,6 +10263,7 @@ module Aws::SSM
       :failed_count,
       :unreported_not_applicable_count,
       :not_applicable_count,
+      :available_security_update_count,
       :operation_start_time,
       :operation_end_time,
       :operation,
@@ -13382,7 +13517,8 @@ module Aws::SSM
     # @!attribute [rw] account_ids_to_add
     #   The Amazon Web Services users that should have access to the
     #   document. The account IDs can either be a group of account IDs or
-    #   *All*.
+    #   *All*. You must specify a value for this parameter or the
+    #   `AccountIdsToRemove` parameter.
     #   @return [Array<String>]
     #
     # @!attribute [rw] account_ids_to_remove
@@ -13390,7 +13526,8 @@ module Aws::SSM
     #   the document. The Amazon Web Services user can either be a group of
     #   account IDs or *All*. This action has a higher priority than
     #   `AccountIdsToAdd`. If you specify an ID to add and the same ID to
-    #   remove, the system removes access to the document.
+    #   remove, the system removes access to the document. You must specify
+    #   a value for this parameter or the `AccountIdsToAdd` parameter.
     #   @return [Array<String>]
     #
     # @!attribute [rw] shared_document_version
@@ -15808,11 +15945,16 @@ module Aws::SSM
     #   see [Creating Systems Manager parameters][1] in the *Amazon Web
     #   Services Systems Manager User Guide*.
     #
-    #   <note markdown="1"> The maximum length constraint of 2048 characters listed below
-    #   includes 1037 characters reserved for internal use by Systems
-    #   Manager. The maximum length for a parameter name that you create is
-    #   1011 characters. This includes the characters in the ARN that
-    #   precede the name you specify, such as
+    #   <note markdown="1"> The reported maximum length of 2048 characters for a parameter name
+    #   includes 1037 characters that are reserved for internal use by
+    #   Systems Manager. The maximum length for a parameter name that you
+    #   specify is 1011 characters.
+    #
+    #    This count of 1011 characters includes the characters in the ARN
+    #   that precede the name you specify. This ARN length will vary
+    #   depending on your partition and Region. For example, the following
+    #   45 characters count toward the 1011 character maximum for a
+    #   parameter created in the US East (Ohio) Region:
     #   `arn:aws:ssm:us-east-2:111122223333:parameter/`.
     #
     #    </note>
@@ -17717,6 +17859,42 @@ module Aws::SSM
       include Aws::Structure
     end
 
+    # The request exceeds the service quota. Service quotas, also referred
+    # to as limits, are the maximum number of service resources or
+    # operations for your Amazon Web Services account.
+    #
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_id
+    #   The unique ID of the resource referenced in the failed request.
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_type
+    #   The resource type of the resource referenced in the failed request.
+    #   @return [String]
+    #
+    # @!attribute [rw] quota_code
+    #   The quota code recognized by the Amazon Web Services Service Quotas
+    #   service.
+    #   @return [String]
+    #
+    # @!attribute [rw] service_code
+    #   The code for the Amazon Web Services service that owns the quota.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/ServiceQuotaExceededException AWS API Documentation
+    #
+    class ServiceQuotaExceededException < Struct.new(
+      :message,
+      :resource_id,
+      :resource_type,
+      :quota_code,
+      :service_code)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The service setting data structure.
     #
     # `ServiceSetting` is an account-level setting for an Amazon Web
@@ -17990,6 +18168,42 @@ module Aws::SSM
       include Aws::Structure
     end
 
+    # @!attribute [rw] reason
+    #   A brief description explaining why you are requesting access to the
+    #   node.
+    #   @return [String]
+    #
+    # @!attribute [rw] targets
+    #   The node you are requesting access to.
+    #   @return [Array<Types::Target>]
+    #
+    # @!attribute [rw] tags
+    #   Key-value pairs of metadata you want to assign to the access
+    #   request.
+    #   @return [Array<Types::Tag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/StartAccessRequestRequest AWS API Documentation
+    #
+    class StartAccessRequestRequest < Struct.new(
+      :reason,
+      :targets,
+      :tags)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] access_request_id
+    #   The ID of the access request.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/StartAccessRequestResponse AWS API Documentation
+    #
+    class StartAccessRequestResponse < Struct.new(
+      :access_request_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] association_ids
     #   The association IDs that you want to run immediately and only one
     #   time.
@@ -18910,6 +19124,31 @@ module Aws::SSM
       include Aws::Structure
     end
 
+    # The request or operation couldn't be performed because the service is
+    # throttling requests.
+    #
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @!attribute [rw] quota_code
+    #   The quota code recognized by the Amazon Web Services Service Quotas
+    #   service.
+    #   @return [String]
+    #
+    # @!attribute [rw] service_code
+    #   The code for the Amazon Web Services service that owns the quota.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/ThrottlingException AWS API Documentation
+    #
+    class ThrottlingException < Struct.new(
+      :message,
+      :quota_code,
+      :service_code)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The `Targets` parameter includes too many tags. Remove one or more
     # tags and try the command again.
     #
@@ -20478,6 +20717,22 @@ module Aws::SSM
     #   to Linux managed nodes only.
     #   @return [Array<Types::PatchSource>]
     #
+    # @!attribute [rw] available_security_updates_compliance_status
+    #   Indicates the status to be assigned to security patches that are
+    #   available but not approved because they don't meet the installation
+    #   criteria specified in the patch baseline.
+    #
+    #   Example scenario: Security patches that you might want installed can
+    #   be skipped if you have specified a long period to wait after a patch
+    #   is released before installation. If an update to the patch is
+    #   released during your specified waiting period, the waiting period
+    #   for installing the patch starts over. If the waiting period is too
+    #   long, multiple versions of the patch could be released but never
+    #   installed.
+    #
+    #   Supported for Windows Server managed nodes only.
+    #   @return [String]
+    #
     # @!attribute [rw] replace
     #   If True, then all fields that are required by the
     #   CreatePatchBaseline operation are also required for this API
@@ -20498,6 +20753,7 @@ module Aws::SSM
       :rejected_patches_action,
       :description,
       :sources,
+      :available_security_updates_compliance_status,
       :replace)
       SENSITIVE = []
       include Aws::Structure
@@ -20567,6 +20823,15 @@ module Aws::SSM
     #   to Linux managed nodes only.
     #   @return [Array<Types::PatchSource>]
     #
+    # @!attribute [rw] available_security_updates_compliance_status
+    #   Indicates the compliance status of managed nodes for which
+    #   security-related patches are available but were not approved. This
+    #   preference is specified when the `CreatePatchBaseline` or
+    #   `UpdatePatchBaseline` commands are run.
+    #
+    #   Applies to Windows Server managed nodes only.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/UpdatePatchBaselineResult AWS API Documentation
     #
     class UpdatePatchBaselineResult < Struct.new(
@@ -20583,7 +20848,8 @@ module Aws::SSM
       :created_date,
       :modified_date,
       :description,
-      :sources)
+      :sources,
+      :available_security_updates_compliance_status)
       SENSITIVE = []
       include Aws::Structure
     end

data/lib/aws-sdk-ssm.rb

@@ -55,7 +55,7 @@ module Aws::SSM
   autoload :EndpointProvider, 'aws-sdk-ssm/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-ssm/endpoints'
 
-  GEM_VERSION = '1.191.0'
+  GEM_VERSION = '1.193.0'
 
 end
 

data/sig/client.rbs

@@ -340,7 +340,7 @@ module Aws
                              name: ::String,
                              ?display_name: ::String,
                              ?version_name: ::String,
-                             ?document_type: ("Command" | "Policy" | "Automation" | "Session" | "Package" | "ApplicationConfiguration" | "ApplicationConfigurationSchema" | "DeploymentStrategy" | "ChangeCalendar" | "Automation.ChangeTemplate" | "ProblemAnalysis" | "ProblemAnalysisTemplate" | "CloudFormation" | "ConformancePackTemplate" | "QuickSetup"),
+                             ?document_type: ("Command" | "Policy" | "Automation" | "Session" | "Package" | "ApplicationConfiguration" | "ApplicationConfigurationSchema" | "DeploymentStrategy" | "ChangeCalendar" | "Automation.ChangeTemplate" | "ProblemAnalysis" | "ProblemAnalysisTemplate" | "CloudFormation" | "ConformancePackTemplate" | "QuickSetup" | "ManualApprovalPolicy" | "AutoApprovalPolicy"),
                              ?document_format: ("YAML" | "JSON" | "TEXT"),
                              ?target_type: ::String,
                              ?tags: Array[
@@ -486,6 +486,7 @@ module Aws
                                        configuration: ::String
                                      },
                                    ],
+                                   ?available_security_updates_compliance_status: ("COMPLIANT" | "NON_COMPLIANT"),
                                    ?client_token: ::String,
                                    ?tags: Array[
                                      {
@@ -1177,7 +1178,7 @@ module Aws
       def describe_ops_items: (
                                 ?ops_item_filters: Array[
                                   {
-                                    key: ("Status" | "CreatedBy" | "Source" | "Priority" | "Title" | "OpsItemId" | "CreatedTime" | "LastModifiedTime" | "ActualStartTime" | "ActualEndTime" | "PlannedStartTime" | "PlannedEndTime" | "OperationalData" | "OperationalDataKey" | "OperationalDataValue" | "ResourceId" | "AutomationId" | "Category" | "Severity" | "OpsItemType" | "ChangeRequestByRequesterArn" | "ChangeRequestByRequesterName" | "ChangeRequestByApproverArn" | "ChangeRequestByApproverName" | "ChangeRequestByTemplate" | "ChangeRequestByTargetsResourceGroup" | "InsightByType" | "AccountId"),
+                                    key: ("Status" | "CreatedBy" | "Source" | "Priority" | "Title" | "OpsItemId" | "CreatedTime" | "LastModifiedTime" | "ActualStartTime" | "ActualEndTime" | "PlannedStartTime" | "PlannedEndTime" | "OperationalData" | "OperationalDataKey" | "OperationalDataValue" | "ResourceId" | "AutomationId" | "Category" | "Severity" | "OpsItemType" | "AccessRequestByRequesterArn" | "AccessRequestByRequesterId" | "AccessRequestByApproverArn" | "AccessRequestByApproverId" | "AccessRequestBySourceAccountId" | "AccessRequestBySourceOpsItemId" | "AccessRequestBySourceRegion" | "AccessRequestByIsReplica" | "AccessRequestByTargetResourceId" | "ChangeRequestByRequesterArn" | "ChangeRequestByRequesterName" | "ChangeRequestByApproverArn" | "ChangeRequestByApproverName" | "ChangeRequestByTemplate" | "ChangeRequestByTargetsResourceGroup" | "InsightByType" | "AccountId"),
                                     values: Array[::String],
                                     operator: ("Equal" | "Contains" | "GreaterThan" | "LessThan")
                                   },
@@ -1245,6 +1246,7 @@ module Aws
         def instances_with_critical_non_compliant_patches: () -> ::Integer
         def instances_with_security_non_compliant_patches: () -> ::Integer
         def instances_with_other_non_compliant_patches: () -> ::Integer
+        def instances_with_available_security_updates: () -> ::Integer
       end
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/SSM/Client.html#describe_patch_group_state-instance_method
       def describe_patch_group_state: (
@@ -1314,6 +1316,17 @@ module Aws
                                               ) -> _DisassociateOpsItemRelatedItemResponseSuccess
                                             | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _DisassociateOpsItemRelatedItemResponseSuccess
 
+      interface _GetAccessTokenResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::GetAccessTokenResponse]
+        def credentials: () -> Types::Credentials
+        def access_request_status: () -> ("Approved" | "Rejected" | "Revoked" | "Expired" | "Pending")
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/SSM/Client.html#get_access_token-instance_method
+      def get_access_token: (
+                              access_request_id: ::String
+                            ) -> _GetAccessTokenResponseSuccess
+                          | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _GetAccessTokenResponseSuccess
+
       interface _GetAutomationExecutionResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::GetAutomationExecutionResult]
         def automation_execution: () -> Types::AutomationExecution
@@ -1437,7 +1450,8 @@ module Aws
                                                               products: Array[::String],
                                                               configuration: ::String
                                                             },
-                                                          ]?
+                                                          ]?,
+                                                          available_security_updates_compliance_status: ("COMPLIANT" | "NON_COMPLIANT")?
                                                         }
                                                       ) -> _GetDeployablePatchSnapshotForInstanceResponseSuccess
                                                     | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _GetDeployablePatchSnapshotForInstanceResponseSuccess
@@ -1452,7 +1466,7 @@ module Aws
         def status: () -> ("Creating" | "Active" | "Updating" | "Deleting" | "Failed")
         def status_information: () -> ::String
         def content: () -> ::String
-        def document_type: () -> ("Command" | "Policy" | "Automation" | "Session" | "Package" | "ApplicationConfiguration" | "ApplicationConfigurationSchema" | "DeploymentStrategy" | "ChangeCalendar" | "Automation.ChangeTemplate" | "ProblemAnalysis" | "ProblemAnalysisTemplate" | "CloudFormation" | "ConformancePackTemplate" | "QuickSetup")
+        def document_type: () -> ("Command" | "Policy" | "Automation" | "Session" | "Package" | "ApplicationConfiguration" | "ApplicationConfigurationSchema" | "DeploymentStrategy" | "ChangeCalendar" | "Automation.ChangeTemplate" | "ProblemAnalysis" | "ProblemAnalysisTemplate" | "CloudFormation" | "ConformancePackTemplate" | "QuickSetup" | "ManualApprovalPolicy" | "AutoApprovalPolicy")
         def document_format: () -> ("YAML" | "JSON" | "TEXT")
         def requires: () -> ::Array[Types::DocumentRequires]
         def attachments_content: () -> ::Array[Types::AttachmentContent]
@@ -1793,6 +1807,7 @@ module Aws
         def modified_date: () -> ::Time
         def description: () -> ::String
         def sources: () -> ::Array[Types::PatchSource]
+        def available_security_updates_compliance_status: () -> ("COMPLIANT" | "NON_COMPLIANT")
       end
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/SSM/Client.html#get_patch_baseline-instance_method
       def get_patch_baseline: (
@@ -2450,7 +2465,7 @@ module Aws
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/SSM/Client.html#send_automation_signal-instance_method
       def send_automation_signal: (
                                     automation_execution_id: ::String,
-                                    signal_type: ("Approve" | "Reject" | "StartStep" | "StopStep" | "Resume"),
+                                    signal_type: ("Approve" | "Reject" | "StartStep" | "StopStep" | "Resume" | "Revoke"),
                                     ?payload: Hash[::String, Array[::String]]
                                   ) -> _SendAutomationSignalResponseSuccess
                                 | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _SendAutomationSignalResponseSuccess
@@ -2501,6 +2516,28 @@ module Aws
                         ) -> _SendCommandResponseSuccess
                       | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _SendCommandResponseSuccess
 
+      interface _StartAccessRequestResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::StartAccessRequestResponse]
+        def access_request_id: () -> ::String
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/SSM/Client.html#start_access_request-instance_method
+      def start_access_request: (
+                                  reason: ::String,
+                                  targets: Array[
+                                    {
+                                      key: ::String?,
+                                      values: Array[::String]?
+                                    },
+                                  ],
+                                  ?tags: Array[
+                                    {
+                                      key: ::String,
+                                      value: ::String
+                                    },
+                                  ]
+                                ) -> _StartAccessRequestResponseSuccess
+                              | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _StartAccessRequestResponseSuccess
+
       interface _StartAssociationsOnceResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::StartAssociationsOnceResult]
       end
@@ -3078,7 +3115,7 @@ module Aws
                                  ops_item_id: ::String
                                },
                              ],
-                             ?status: ("Open" | "InProgress" | "Resolved" | "Pending" | "TimedOut" | "Cancelling" | "Cancelled" | "Failed" | "CompletedWithSuccess" | "CompletedWithFailure" | "Scheduled" | "RunbookInProgress" | "PendingChangeCalendarOverride" | "ChangeCalendarOverrideApproved" | "ChangeCalendarOverrideRejected" | "PendingApproval" | "Approved" | "Rejected" | "Closed"),
+                             ?status: ("Open" | "InProgress" | "Resolved" | "Pending" | "TimedOut" | "Cancelling" | "Cancelled" | "Failed" | "CompletedWithSuccess" | "CompletedWithFailure" | "Scheduled" | "RunbookInProgress" | "PendingChangeCalendarOverride" | "ChangeCalendarOverrideApproved" | "ChangeCalendarOverrideRejected" | "PendingApproval" | "Approved" | "Revoked" | "Rejected" | "Closed"),
                              ops_item_id: ::String,
                              ?title: ::String,
                              ?category: ::String,
@@ -3121,6 +3158,7 @@ module Aws
         def modified_date: () -> ::Time
         def description: () -> ::String
         def sources: () -> ::Array[Types::PatchSource]
+        def available_security_updates_compliance_status: () -> ("COMPLIANT" | "NON_COMPLIANT")
       end
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/SSM/Client.html#update_patch_baseline-instance_method
       def update_patch_baseline: (
@@ -3165,6 +3203,7 @@ module Aws
                                        configuration: ::String
                                      },
                                    ],
+                                   ?available_security_updates_compliance_status: ("COMPLIANT" | "NON_COMPLIANT"),
                                    ?replace: bool
                                  ) -> _UpdatePatchBaselineResponseSuccess
                                | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _UpdatePatchBaselineResponseSuccess

data/sig/errors.rbs

@@ -11,6 +11,9 @@ module Aws
       class ServiceError < ::Aws::Errors::ServiceError
       end
 
+      class AccessDeniedException < ::Aws::Errors::ServiceError
+        def message: () -> ::String
+      end
       class AlreadyExistsException < ::Aws::Errors::ServiceError
         def message: () -> ::String
       end
@@ -368,6 +371,13 @@ module Aws
       class ResourcePolicyNotFoundException < ::Aws::Errors::ServiceError
         def message: () -> ::String
       end
+      class ServiceQuotaExceededException < ::Aws::Errors::ServiceError
+        def message: () -> ::String
+        def resource_id: () -> ::String
+        def resource_type: () -> ::String
+        def quota_code: () -> ::String
+        def service_code: () -> ::String
+      end
       class ServiceSettingNotFound < ::Aws::Errors::ServiceError
         def message: () -> ::String
       end
@@ -382,6 +392,11 @@ module Aws
       class TargetNotConnected < ::Aws::Errors::ServiceError
         def message: () -> ::String
       end
+      class ThrottlingException < ::Aws::Errors::ServiceError
+        def message: () -> ::String
+        def quota_code: () -> ::String
+        def service_code: () -> ::String
+      end
       class TooManyTagsError < ::Aws::Errors::ServiceError
       end
       class TooManyUpdates < ::Aws::Errors::ServiceError